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REMARKS/ARGUMENTS 

Applicant would like to thank the Examiner for the thorough review of the present 
application. Based upon the amendments and the following remarks, Applicants respectfully 
request reconsideration of the present application and allowance of the pending claims. 

The Present Invention 

The present invention includes a method and system for selectively implementing and 
enforcing Authentication, Authorization and Accounting (AAA) of users accessing a network via 
a gateway device. According to the present invention, a user may first he authenticated to 
determine the identity of the user. The authentication capability of the system and method of the 
present invention can be based upon a user ID, computer, location, or one or more additional 
attributes identifying a source (e.g., a particular user, computer or location) requesting network . 
access. The authentication process is completely transparent to the host computer and requires 
no additional software be installed on the host computer in order to access the network via the 
gateway device. Once authenticated, an authorization capability of the system and method of the 
present invention is customized based upon the identity of the source* such that sources have 
different access rights based upon their identity, and the content and/or destination requested. 
For instance, access rights permit a first source to access a particular Internet destination address, 
while refusing a second source access to that same address. 

35 U.S.C. § 102 (V) Rejections 

Claims 1-3, 6-1 1, 14-16 stand rejected as being anticipated by United States Patent No. 
5,1 13,499, issued to Ankney et ah (the '499 Ankney patent). 

According to the Office Action, the '499 Ankney patent teaches all of the elements of 
independent Claim 1, specifically: 
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A method for selectably controlling and customizing source access to a network, wherein 
the source is associated with a source computer (Column 1, lines 12-18) comprising: 

receiving at the gateway device a request from the source computer for access to 
the network, and wherein the source computer has transparent access (Column 6, lines 28-29) to 
the network (Figure 3, Column 1, lines 7-11) via a gateway device (Column S s lines 46-50) and 
no configuration software need be installed on the source computer (Column 7, lines 3^19) to 
access the network, (Column 5, lines 46-50) 

identifying an attribute associated with the source based upon a packet transmitted 
from the source computer and received by the gateway device (Column 1, lines 24-27 and 
Column 5, lines 46-57); 

accessing a source profile corresponding to the source and stored in a source 
profile database, wherein the source profile is accessed based upon the attribute, and wherein the 
source profile database is located external to the gateway device and in communication with the 
gateway device (Figure 3, Column 5, lines 58-67 and Column 7, lines 40-44), and 

determining the access rights of the source based upon the source profile, wherein 
access rights define the rights of the source to access the network (Column 6, lines 29-32). 

The '499 Ankney Patent Does Not Teach a Source Computer that has Transparent Access to the 
Network via a Gateway Device 

Applicant acknowledges the Examiners reference to the '499 Ankney patent at column 1 , 
lines 18-20, which states, "The devices themselves typically are referred to as users, in the 
context of the network." Additionally, the applicant acknowledges the Examiners reference to 
the '499 Ankney patent at column 6, lines 26-29, which states <4 the assembly of data at the 
terminal (or at a PAD remote from but associated with the terminal) into a CR packet, and the 
intercommunication between the switch and the TAMS are transparent to the user." However, 
the applicant strongly believes that the Examiner has incorrectly assumed that the Ankney patent 
teaches that the devices (i.e., the source computers) have transparent access to the network* The 
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Applicant strongly believes tbat the Examiners deductive reasoning concerning this issue is in 
direct conflict with the teachings of the '499 Ankney patent, taken as a whole. 

First, the Applicant makes notes that the entire Summary of the Invention section and 
Detailed Description section differentiate between a user and a user's terminal (otherwise 
referred to as a user's data terminal equipment (DTE)). The Applicant believes that such 
consistent distinguishing of the terras throughout the specification is indication that the 
inventor's reference at column 6, line 29 to ''transparent to the user" is limited to a teaching of 
transparency in terms of the user. 

Second, and more importantly* the Applicant believes that the paragraph at Column 6, 
lines 26-47, i.e., the paragraph that includes at line 29 the term "transparent to the user" must be 
considered in light of the entire teaching within that paragraph. The paragraph teaches that the 
assembly of data at the user 's terminal into a CR packet and the communication between the 
switch and the TAMS are '"transparent to the user". The applicant emphasizes the term . 
"assembly of data at the user's terminal into a CR packet" because this statement is directly in 
conflict with the argument that the transparency being suggested applies to the user's terminal. 
Assembly of the data at the user's terminal into a CR packet necessitates that a pre-assigned 
relationship must exist between the user's terminal and the network. Specifically, the user*s 
terminal must support a specific protocol, i.e., call request protocol, in order to access the 
network See the paragraph at beginning at Column 16, line 3 3 which describes the call request 
protocol ID in terms of X,25 or X,29 protocols. In this regard, the user's terminal that accesses 
the network in the '499 Ankney patent is a static device and the packet switch in the '499 
Ankney patent provides static authentication, i.e., authentication is limited to authentication of 
the host computer that has the pre-assigned relationship. This means that in order for a user's 
terminal to be granted authentication, the user's terminal must support the call request protocol. 
Since, the 6 499 Ankney patent teaches a pre-assigned relationship based on pre-defined 
protocols, the access that is provided to the user's terminal is not, by definition, transparent 
access. 

In the present invention, transparent access by the source computer is paramount because 
the gateway device is capable of providing dynamic authentication to a source. As defined in 
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claims 1 and 10 and in the specification of the present invention the source is associated with the 
source computer. The source is not, in and of itself, the source computer. As the specification 
defines at page 10, beginning at line 26, "Users and computers attempting to access a network 20 
or online service 22 via the gateway device 12 are referred to hereinafter as sources. According 
to AAA methods and systems of the present invention, a source attempting to access a network 
via the gateway device 12 is authenticated based on attributes associated therewith. These 
attributes can include the identity of a particular user or computer, location through which access 
is requested, requested network or destination, and the like." These attributes include the MAC 
address of the computer* the users passwoixi and or a VLAN tag for location identification. Thus 
the gateway device has the ability to grant authentication to a computer, to a user or to a location 
because the access is transparent to the source computer. Thus, in the present invention, the 
transparency to the source computer provides for the method and systems of the present 
invention to grant authentication to users, computers and/or locations (for example, a specific 
access port in a hotel room, airport kiosk or the like). The source computers that access the 
network do so transparently, without the need to establish a pre-assigned relationship with the 
gateway device or to communicate with the gateway device via a pre-assigned or defined 
protocol 

As to further define the terra '"transparent" in independent Claims 1 and 1 0, the claims 
specifically state that "no configuration software need be installed on the source computer to 
access die network". In this regard, the Applicant emphasizes that transparency at the host 
computer, i.e., user's terminal, is defined as no pre-assigned relationship with the gateway 
device. A pre-assigned relationship is established by modifying the host's configuration or pre- 
installing some agent or software on the host computer in order to access the gateway. 

While the Applicant acknowledges that the '499 Ankney patent provides for secure user 
access to a public data network "without requiring individual customers or device manufacturers 
to modify their hardware or software" (Column 7, lines 17-19), modification of software is not 
equivalent to the need to install configuration software on the host computer. As previously 
discussed, the host computer in the '499 Ankney patent must support call request protocol and, 
thus a pre-configuration function is necessary as a precursor to implementing the protocol for 
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call requests. This pre-configuration necessitates the need to install a configuration agent on the 
host computers. 

As defined in independent Claims 1 and 10, and in the specification at the paragraph on 
page 14, beginning at line 18, the source computer requires no configuration software installed 
on the source computer to access the network. By not requiring configuration software, the 
source computer is able to transparently access the network. No configuration software is 
required because the source computers and the gateway device do not require a pre-assigned 
relationship. The authentication that is granted through the gateway device is by an attributed 
associated with the source. This attribute may be an ID of the source computer, an ID of the user 
or an ID of the location from which access is being sought. The fact that the user's terminal can 
access the gateway transparently makes the present invention highly advantageous to the user in 
a nomadic environment. For example, if the user is located in a hotel room, an airport kiosk or 
the like, the user can access the gateway and, thus, the network without having to add additional 
software to their terminal or without having to re-configure their terminal. 

Since independent Claims 1 and 10 specifically require source computer (i.e., user 
terminal) transparency and that no configuration software be installed on the source computer for 
the purpose of accessing the network and the '499 Ankney patent requires the host computers to 
be dually configured to support call request record/protocol 7 applicant respectfully submits that 
for this reason independent Claims 1 and 10, which have been rejected under 35 U.S.C. § 102 
(b) are not anticipated by the cited '499 Ankney reference and, are thus, patentable. 

In addition, the dependent Claims that depend from Claims 1. 10, specifically Claims 2-9 
and 1 1-1 6 add further limitations to the independent claims and, as such, as a matter of law, if 
the independent claims are found patentable so too should the accompanying dependent claims. 



According to the Office Action, the '499 Ankney patent teaches all of the elements of 
independent Claim 10, specifically: 
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A system for selectably controlling and customizing access, to a network, by a 
source, where the source is associated with a source computer, and wherein the source computer 
has transparent access to the network via a gateway device and no configuration software need 
be installed on the source computer to access the network, comprising: 

a gateway device (Column 5, lines .46-47), wherein the gateway device receives a 
request from the source for access to the network (Column 5, lines 46-50); 

a source profile database in communication with the gateway device and located 
external to the gateway device (Figure 3), wherein the source profile database stores 
access information identifiable by an attribute associated with the source, and wherein the 
attribute is identified based upon a data packet transmitted from the source computer and 
received by the gateway device (Column 5, lines 58-67 and Column 7, lines 40-44), and 

an Authentication, Authorization and Accounting (AAA) server in 
communication with the gateway device and source profile database, wherein the AAA 
server determines if the source is entitled to access the network based upon the access 
information stored within the source profile database, and wherein the AAA server 
determines the access rights of the source, wherein access rights define the rights of the 
source to access destination sites via the network (Figures 8-10, Column 5, lines 7-16, 
58-67 and Column 7, lines 20-27, 40-44). 

The '499 Anknev Patent Does Not Teach or Suggest Accounting as a Required Function 
of the Total Access Management System (TAMS) 

The TAMS system taught in the '499 Ankney patent teaches a system for authenticating 
and authorizing users and host computers for access to a public data network. The TAMS 
systems does not teach or suggest an accounting means. To the applicant's knowledge, the 
TAMS system taught in the '499 Ankney patent does not provide for an accounting protocol 
between the packet switch and the TAMS server. 
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Claim 10 of the present invention specifically lists as an element an Authentication, 
Authorization and Accounting (AAA) server. This server must, by its very nature, support and 
provide an accounting function, generally TCP/IP accounting. 

Since independent Claim 10 specifically requires a AAA server capable of providing 
accounting functions and the '499 Ankney patent provides no teaching that the TAMS provides 
such functionality, applicant respectfully submits that for this additional reason independent 
Claim 10, which has been rejected under 35 U.S,C. § 102 (b) is not anticipated by the cited H99 
Ankney reference and, is thus, patentable. 

Further, as mentioned above, the dependent Claims that depend from Claim 10 ? 
specifically Claims 11-16 add further limitations to the independent claims and, as such, as a 
matter of law, if the independent claims are found patentable so too should the accompanying 
dependent claims, 



35 U.S.C. S 103 fa^ Rejections 

Claims 17 and 20-24 stand rejected as being unpatentable over United States Patent No, 
5,1 13,499, issued to Ankney et aL (the '499 Ankney patent) in view of United States patent No. 
6,317790, issued to Bowker et al. (the e 790 Bowker patent). 

According to the Office Action, the '499 Ankney patent in combination with the '790 
Bowker patent teach all of the elements of independent Claim 1 7. 

The '499 Ankney Patent nor '790 Bowker Patent Teach a Gateway Devi ce that Enables 
the Source to Communicate with a Network Without Requiring the S ource Computer to Include 
Network Software Configured for the Network 

Similar to the arguments present to distinguish the '499 Ankney patent from independent 
Claims 1 and 10, independent Claim 17 requires the gateway to enable die source to 
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communicate with a network without requiring the source computer to include network software 
configured for the network. Neither the '499 Anlcney patent not the '790 Bowker patent provide 
for a gateway device that enables the source to communicate with a network without requiring 
the source computer to include network software configured for the network. 

As previously noted, the '499 Ankney patent requires support of call request protocol in 
order for the source computer to access the network. Such support of the CR protocol 
necessitates that the source computer include network software, i.e. CR protocol software, to 
access the network. The s 790 Bowker patent teaches redirection at a Web server and does not 
teach or suggest the use of a gateway device that provides network access. 

Since independent Claim 17 specifically requires the gateway to enable the source to 
communicate with a network without requiring the source computer to include network software 
configured for the network and the M99 Ankney patent and '790 Bowker patent provide no 
teaching of such, applicant respectfully submits that for this reason independent Claim 17, which 
has been rejected under 35 US.C. § 103 (a) is not unpatentable over the '499 Anlcney reference 
in view of the '799 Bowker patent and, is thus, patentable. 

Further, as mentioned above, the dependent Claims that depend from Claim 17, 
specifically Claims 18-24 add fUrther limitations to the independent claims and, as such, as a 
matter of law, if the independent claims are found patentable so too should the accompanying 
dependent claims. 
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Conclusion 

In view of the proposed amended claims and the remarks submitted above, it is 
respectfully submitted that the present claims are in condition for immediate allowance. It is 
therefore respectfully requested that a Notice of Allowance be issued. The Examiner is 
encouraged to contact Applicant's undersigned attorney to resolve any remaining issues in order 
to expedite examination of the present invention. 

It is not believed that extensions of time or fees for net addition of claims are required, 
beyond those that may otherwise be provided for in documents accompanying this paper. 
However, in the event that additional extensions of time are necessary to allow consideration of 
this paper, such extensions are hereby petitioned under 37 CFR § 1.136(a), and any fee required 
therefore (including fees for net addition of claims) is hereby authorized to be charged to Deposit 
Account No. 16-0605. 
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